Where E is the public exponent, N is public modulus and D is
the private exponent.The longer key format contains redundant
information that will make the calculation faster. P1,P2 are first
and second prime factors. E1,E2 are first and second exponents. C
is the CRT coefficient. Terminology is taken from RFC 3447.

dss_public() = [key_value()] = [P, Q, G, Y]

Where P, Q and G are the dss parameters and Y is the public key.

dss_private() = [key_value()] = [P, Q, G, X]

Where P, Q and G are the dss parameters and X is the private key.

srp_public() = key_value()

Where is A or B from SRP design

srp_private() = key_value()

Where is a or b from SRP design

Where Verifier is v, Generator is g and Prime is N, DerivedKey is X, and Scrambler is
u (optional will be generated if not provided) from SRP design
Version = '3' | '6' | '6a'

hash(Type, Data) -> Digest

May throw exception notsup in case the chosen Type
is not supported by the underlying OpenSSL implementation.

hash_init(Type) -> Context

Type = md4 | hash_algorithms()

Initializes the context for streaming hash operations. Type determines
which digest to use. The returned context should be used as argument
to hash_update.

May throw exception notsup in case the chosen Type
is not supported by the underlying OpenSSL implementation.

hash_update(Context, Data) -> NewContext

Data = iodata()

Updates the digest represented by Context using the given Data. Context
must have been generated using hash_init
or a previous call to this function. Data can be any length. NewContext
must be passed into the next call to hash_update
or hash_final.

hash_final(Context) -> Digest

Digest = binary()

Finalizes the hash operation referenced by Context returned
from a previous call to hash_update.
The size of Digest is determined by the type of hash
function used to generate it.

hmac(Type, Key, Data) -> Mac

hmac(Type, Key, Data, MacLength) -> Mac

Type = hash_algorithms() - except ripemd160

Key = iodata()

Data = iodata()

MacLength = integer()

Mac = binary()

Computes a HMAC of type Type from Data using
Key as the authentication key.

MacLength
will limit the size of the resultant Mac.

hmac_init(Type, Key) -> Context

Type = hash_algorithms() - except ripemd160

Key = iodata()

Context = binary()

Initializes the context for streaming HMAC operations. Type determines
which hash function to use in the HMAC operation. Key is the authentication
key. The key can be any length.

hmac_update(Context, Data) -> NewContext

Context = NewContext = binary()

Data = iodata()

Updates the HMAC represented by Context using the given Data. Context
must have been generated using an HMAC init function (such as
hmac_init). Data can be any length. NewContext
must be passed into the next call to hmac_update
or to one of the functions hmac_final and
hmac_final_n

hmac_final(Context) -> Mac

Context = Mac = binary()

Finalizes the HMAC operation referenced by Context. The size of the resultant MAC is
determined by the type of hash function used to generate it.

hmac_final_n(Context, HashLen) -> Mac

Context = Mac = binary()

HashLen = non_neg_integer()

Finalizes the HMAC operation referenced by Context. HashLen must be greater than
zero. Mac will be a binary with at most HashLen bytes. Note that if HashLen is greater than the actual number of bytes returned from the underlying hash, the returned hash will have fewer than HashLen bytes.

info_lib() -> [{Name,VerNum,VerStr}]

Name = binary()

VerNum = integer()

VerStr = binary()

Provides the name and version of the libraries used by crypto.

Name is the name of the library. VerNum is
the numeric version according to the library's own versioning
scheme. VerStr contains a text variant of the version.

Note!

From OTP R16 the numeric version represents the version of the OpenSSL
header files (openssl/opensslv.h) used when crypto was compiled.
The text variant represents the OpenSSL library used at runtime.
In earlier OTP versions both numeric and text was taken from the library.

mod_pow(N, P, M) -> Result

N, P, M = binary() | integer()

Result = binary() | error

Computes the function N^P mod M.

next_iv(Type, Data) -> NextIVec

next_iv(Type, Data, IVec) -> NextIVec

Type = des_cbc | des3_cbc | aes_cbc | des_cfb

Data = iodata()

IVec = NextIVec = binary()

Returns the initialization vector to be used in the next
iteration of encrypt/decrypt of type Type. Data is the
encrypted data from the previous iteration step. The IVec
argument is only needed for des_cfb as the vector used
in the previous iteration step.

private_decrypt(Type, ChipherText, PrivateKey, Padding) -> PlainText

Type = rsa

ChipherText = binary()

PrivateKey = rsa_private()

Padding = rsa_pkcs1_padding | rsa_pkcs1_oaep_padding | rsa_no_padding

PlainText = binary()

Decrypts the ChipherText, encrypted with
public_encrypt/4 (or equivalent function)
using the PrivateKey, and returns the
plaintext (message digest). This is a low level signature verification operation
used for instance by older versions of the SSL protocol.
See also public_key:decrypt_private/[2,3]

private_encrypt(Type, PlainText, PrivateKey, Padding) -> ChipherText

Type = rsa

PlainText = binary()

The size of the PlainText must be less
than byte_size(N)-11 if rsa_pkcs1_padding is
used, and byte_size(N) if rsa_no_padding is
used, where N is public modulus of the RSA key.

PrivateKey = rsa_private()

Padding = rsa_pkcs1_padding | rsa_no_padding

ChipherText = binary()

Encrypts the PlainText using the PrivateKey
and returns the ciphertext. This is a low level signature operation
used for instance by older versions of the SSL protocol. See
also public_key:encrypt_private/[2,3]

public_decrypt(Type, ChipherText, PublicKey, Padding) -> PlainText

Type = rsa

ChipherText = binary()

PublicKey = rsa_public()

Padding = rsa_pkcs1_padding | rsa_no_padding

PlainText = binary()

Decrypts the ChipherText, encrypted with
private_encrypt/4(or equivalent function)
using the PrivateKey, and returns the
plaintext (message digest). This is a low level signature verification operation
used for instance by older versions of the SSL protocol.
See also public_key:decrypt_public/[2,3]

public_encrypt(Type, PlainText, PublicKey, Padding) -> ChipherText

Type = rsa

PlainText = binary()

The size of the PlainText must be less
than byte_size(N)-11 if rsa_pkcs1_padding is
used, and byte_size(N) if rsa_no_padding is
used, where N is public modulus of the RSA key.

PublicKey = rsa_public()

Padding = rsa_pkcs1_padding | rsa_pkcs1_oaep_padding | rsa_no_padding

ChipherText = binary()

Encrypts the PlainText (message digest) using the PublicKey
and returns the CipherText. This is a low level signature operation
used for instance by older versions of the SSL protocol. See also public_key:encrypt_public/[2,3]

rand_bytes(N) -> binary()

N = integer()

Generates N bytes randomly uniform 0..255, and returns the
result in a binary. Uses the crypto library pseudo-random
number generator.

rand_uniform(Lo, Hi) -> N

Lo, Hi, N = integer()

Generate a random number N, Lo =< N < Hi. Uses the
crypto library pseudo-random number generator.
Hi must be larger than Lo.

sign(Algorithm, DigestType, Msg, Key) -> binary()

Algorithm = rsa | dss | ecdsa

Msg = binary() | {digest,binary()}

The msg is either the binary "cleartext" data to be
signed or it is the hashed value of "cleartext" i.e. the
digest (plaintext).

start() -> ok

Equivalent to application:start(crypto).

stop() -> ok

Equivalent to application:stop(crypto).

strong_rand_bytes(N) -> binary()

N = integer()

Generates N bytes randomly uniform 0..255, and returns the
result in a binary. Uses a cryptographically secure prng seeded and
periodically mixed with operating system provided entropy. By default
this is the RAND_bytes method from OpenSSL.

May throw exception low_entropy in case the random generator
failed due to lack of secure "randomness".

stream_init(Type, Key) -> State

stream_init(Type, Key, IVec) -> State

Type = aes_ctr

State = opaque()

Key = iodata()

IVec = binary()

Initializes the state for use in streaming AES encryption using Counter mode (CTR).
Key is the AES key and must be either 128, 192, or 256 bts long. IVec is
an arbitrary initializing vector of 128 bits (16 bytes). This state is for use with
stream_encrypt and
stream_decrypt.

stream_encrypt(State, PlainText) -> { NewState, CipherText}

Text = iodata()

CipherText = binary()

Encrypts PlainText according to the stream cipher Type specified in stream_init/3.
Text can be any number of bytes. The initial State is created using
stream_init.
NewState must be passed into the next call to stream_encrypt.

stream_decrypt(State, CipherText) -> { NewState, PlainText }

CipherText = iodata()

PlainText = binary()

Decrypts CipherText according to the stream cipher Type specified in stream_init/3.
PlainText can be any number of bytes. The initial State is created using
stream_init.
NewState must be passed into the next call to stream_encrypt.